refactor

nixos/common/optional/yubikey.nix

@@ -0,0 +1,26 @@
+{pkgs, ...}: {
+  environment.systemPackages = with pkgs; [
+    # Enables files to be encrypted to age identities stored on YubiKeys
+    age-plugin-yubikey
+    # Setup dm-crypt managed device-mapper mappings.
+    cryptsetup
+    # Configure your YubiKey via the command line
+    yubikey-manager
+  ];
+
+  # Manage secret (private) keys.
+  programs.gnupg.agent = {
+    enable = true;
+    # Fix: invalid time when using keytocard
+    pinentryPackage = pkgs.pinentry-curses;
+  };
+
+  # Use our yubikey as a user login or for sudo access
+  security.pam.services = {
+    login.u2fAuth = true;
+    sudo.u2fAuth = true;
+  };
+
+  # Enable udev rules for gnupg smart cards
+  hardware.gpgSmartcards.enable = true;
+}